On 22.09.2016 07:17, RjOllos wrote:
Based on what you said, I considered if we could detect re-entrancy by
passing the policy to the permission cache when doing a
PermissionCache.has_permission check inside of
PermissionCache.check_permission:
https://trac.edgewall.org/ticket/12597


Replied in ticket.

I also posted modifications to SignedTickets, but I don't expect they
will fix this "interaction" issue:
https://trac.edgewall.org/wiki/CookBook/Configuration/SignedTickets?version=9

>>> -  'TICKET_ADMIN' in perm:
>>> +  any(a in perm for a in self.admin_actions):

This change seems unnecessary and maybe even more problematic than before.
Unnecessary because TRAC_ADMIN implies TICKET_ADMIN anyway, so there's no need to check for TRAC_ADMIN explicitly. (But there may be more subtle details I'm missing.) Problematic because checking more permissions leads to more potentially problematic interactions (and possible mutual recursion) with other policies.



Peter

--
You received this message because you are subscribed to the Google Groups "Trac 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to trac-users+unsubscr...@googlegroups.com.
To post to this group, send email to trac-users@googlegroups.com.
Visit this group at https://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/d/optout.

Reply via email to